Merge branch 'main' into ashnashahgrover/issue3475

.cspell.json

@@ -35,6 +35,7 @@
     "ccid",
     "celo",
     "cids",
+    "clazz",
     "clsx",
     "cmds",
     "Codecov",
@@ -139,6 +140,7 @@
     "NETWORKSCOPEALLFORTX",
     "NETWORKSCOPEANYFORTX",
     "NODETXPOOLACK",
+    "NOTARISED",
     "notok",
     "Odap",
     "Oidc",

.devcontainer/devcontainer.json

@@ -21,13 +21,12 @@
 		},
 		"ghcr.io/devcontainers/features/java:1": {
 			"installGradle": true,
-			"installMaven": false,
+			"installMaven": true,
 			"installAnt": false,
-			"version": "8.0.392-amzn",
-			"jdkDistro": "amzn",
-			"gradleVersion": "5.6.4",
-			"mavenVersion": "3.9.5",
-			"antVersion": "1.10.13"
+			"version": "17.0.9-tem",
+			"jdkDistro": "tem",
+			"gradleVersion": "8.1.1",
+			"mavenVersion": "3.9.5"
 		},
 		"ghcr.io/devcontainers/features/node:1": {
 			"nodeGypDependencies": true,

.github/workflows/ci.yaml

@@ -1376,6 +1376,7 @@ jobs:
         uses: actions/setup-node@v4.0.3
         with:
           node-version: ${{ env.NODEJS_VERSION }}
+
       - uses: actions/checkout@v4.1.7
 
       - id: yarn-cache
@@ -1386,15 +1387,32 @@ jobs:
           path: ./.yarn/
           restore-keys: |
             ${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }}
+
       - run: ./tools/ci.sh
 
-        if: ${{ env.RUN_CODE_COVERAGE == 'true' }}
       - name: Upload coverage reports as artifacts
+        if: ${{ env.RUN_CODE_COVERAGE == 'true' }}
         uses: actions/upload-artifact@v4.3.3
         with:
           name: coverage-reports-26
           path: ./code-coverage-ts/**/
 
+      - name: build cacti-connector-corda-server-dev.jar
+        working-directory: packages/cactus-plugin-ledger-connector-corda/src/main-server/kotlin/gen/kotlin-spring/
+        run: ./gradlew clean build -Pversion=dev -DrootProjectName=cacti-connector-corda-server
+
+      - if: ${{ env.RUN_TRIVY_SCAN == 'true' }}
+        name: Run Trivy vulnerability scan for cactus-connector-corda-server
+        uses: aquasecurity/trivy-action@0.19.0
+        with:
+          scan-type: 'rootfs'
+          scan-ref: 'packages/cactus-plugin-ledger-connector-corda/src/main-server/kotlin/gen/kotlin-spring/build/libs/cacti-connector-corda-server-dev.jar'
+          format: 'table'
+          exit-code: '1'
+          ignore-unfixed: false
+          vuln-type: 'os,library'
+          severity: 'CRITICAL,HIGH'
+
   cpl-connector-stellar:
     continue-on-error: false
     needs:
@@ -2205,7 +2223,6 @@ jobs:
         with:
           name: coverage-reports-37
           path: ./code-coverage-ts/**/
-
   ct-cmd-api-server:
     continue-on-error: false
     needs:
@@ -2470,7 +2487,7 @@ jobs:
       JEST_TEST_COVERAGE_PATH: ./code-coverage-ts/cactus-test-tooling
       JEST_TEST_CODE_COVERAGE_ENABLED: true
       TAPE_TEST_PATTERN: >-
-        --files={./packages/cactus-test-tooling/src/test/typescript/integration/besu/besu-test-ledger/constructor-validates-options.test.ts,./packages/cactus-test-tooling/src/test/typescript/integration/fabric/fabric-test-ledger-v1/constructor-validates-options.test.ts,./packages/cactus-test-tooling/src/test/typescript/integration/postgres/postgres-test-container/constructor-validates-options.test.ts,./packages/cactus-test-tooling/src/test/typescript/integration/substrate/substrate-test-ledger-constructor.test.ts,./packages/cactus-test-tooling/src/test/typescript/integration/substrate/substrate-test-ledger-multiple-concurrent.test.ts}
+        --files={./packages/cactus-test-tooling/src/test/typescript/integration/besu/besu-test-ledger/constructor-validates-options.test.ts,./packages/cactus-test-tooling/src/test/typescript/integration/fabric/fabric-test-ledger-v1/constructor-validates-options.test.ts,./packages/cactus-test-tooling/src/test/typescript/integration/substrate/substrate-test-ledger-constructor.test.ts,./packages/cactus-test-tooling/src/test/typescript/integration/substrate/substrate-test-ledger-multiple-concurrent.test.ts}
       TAPE_TEST_RUNNER_DISABLED: false
     runs-on: ubuntu-22.04
     steps:
@@ -2528,6 +2545,39 @@ jobs:
         with:
           name: coverage-reports-46
           path: ./code-coverage-ts/**/
+  cp-consortium-static:
+    continue-on-error: false
+    env:
+      FULL_BUILD_DISABLED: true
+      JEST_TEST_RUNNER_DISABLED: false
+      JEST_TEST_PATTERN: packages/cacti-plugin-consortium-static/src/test/typescript/(unit|integration|benchmark)/.*/*.test.ts
+      JEST_TEST_COVERAGE_PATH: ./code-coverage-ts/cp-consortium-static
+      JEST_TEST_CODE_COVERAGE_ENABLED: true
+      TAPE_TEST_RUNNER_DISABLED: true
+    needs: build-dev
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Use Node.js ${{ env.NODEJS_VERSION }}
+        uses: actions/setup-node@v4.0.3
+        with:
+          node-version: ${{ env.NODEJS_VERSION }}
+      - uses: actions/checkout@v4.1.7
+
+      - id: yarn-cache
+        name: Restore Yarn Cache
+        uses: actions/cache@v4.0.2
+        with:
+          key: ${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }}
+          path: ./.yarn/
+          restore-keys: |
+            ${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }}
+      - run: ./tools/ci.sh
+        if: ${{ env.RUN_CODE_COVERAGE == 'true' }}
+      - name: Upload coverage reports as artifacts
+        uses: actions/upload-artifact@v4.3.3
+        with:
+          name: coverage-reports-47
+          path: ./code-coverage-ts/**/
   ghcr-besu-all-in-one:
     runs-on: ubuntu-22.04
     steps:
@@ -2544,16 +2594,7 @@ jobs:
       - uses: actions/checkout@v4.1.7
       - name: ghcr.io/hyperledger/cactus-connector-corda-server
         run: DOCKER_BUILDKIT=1 docker build ./packages/cactus-plugin-ledger-connector-corda/src/main-server/ -f ./packages/cactus-plugin-ledger-connector-corda/src/main-server/Dockerfile -t cactus-connector-corda-server
-      - if: ${{ env.RUN_TRIVY_SCAN == 'true' }}
-        name: Run Trivy vulnerability scan for cactus-connector-corda-server
-        uses: aquasecurity/trivy-action@0.19.0
-        with:
-          image-ref: 'cactus-connector-corda-server'
-          format: 'table'
-          exit-code: '1'
-          ignore-unfixed: false
-          vuln-type: 'os,library'
-          severity: 'CRITICAL,HIGH'
+
   ghcr-corda-all-in-one-flowdb:
     runs-on: ubuntu-22.04
     steps:

.taprc

@@ -44,7 +44,6 @@ files:
   - ./packages/cactus-plugin-keychain-vault/src/test/typescript/integration/cactus-keychain-vault-server.test.ts
   - ./packages/cactus-plugin-keychain-vault/src/test/typescript/integration/plugin-keychain-vault.test.ts
   - ./packages/cactus-plugin-keychain-vault/src/test/typescript/integration/openapi/openapi-validation.test.ts
-  - ./packages/cactus-test-tooling/src/test/typescript/integration/postgres/postgres-test-container/constructor-validates-options.test.ts
   - ./packages/cactus-test-tooling/src/test/typescript/integration/fabric/fabric-test-ledger-v1/constructor-validates-options.test.ts
   - ./packages/cactus-test-tooling/src/test/typescript/integration/substrate/substrate-test-ledger-constructor.test.ts
   - ./packages/cactus-test-tooling/src/test/typescript/integration/substrate/substrate-test-ledger-multiple-concurrent.test.ts

examples/cactus-example-carbon-accounting-backend/package.json

@@ -85,7 +85,7 @@
     "http-status-codes": "2.1.4",
     "jose": "4.15.5",
     "json-stable-stringify": "1.0.2",
-    "qs": "6.9.7"
+    "qs": "6.8.3"
   },
   "engines": {
     "node": ">=18",

examples/cactus-example-carbon-accounting-business-logic-plugin/package.json

@@ -64,7 +64,7 @@
     "@hyperledger/cactus-plugin-ledger-connector-fabric": "2.0.0-rc.3",
     "@hyperledger/cactus-plugin-ledger-connector-xdai": "2.0.0-rc.3",
     "async-exit-hook": "2.0.1",
-    "axios": "1.6.0",
+    "axios": "1.7.5",
     "express": "4.19.2",
     "openapi-types": "12.1.3",
     "typescript-optional": "2.0.1",

examples/cactus-example-cbdc-bridging-backend/package.json

@@ -70,7 +70,7 @@
     "@openzeppelin/contracts": "4.9.6",
     "@openzeppelin/contracts-upgradeable": "4.9.6",
     "async-exit-hook": "2.0.1",
-    "axios": "1.6.0",
+    "axios": "1.7.5",
     "crypto-js": "4.2.0",
     "dotenv": "16.0.1",
     "fabric-network": "2.2.20",

examples/cactus-example-cbdc-bridging-frontend/package.json

@@ -33,7 +33,7 @@
     "@types/node": "18.11.9",
     "@types/react": "^18.2.39",
     "@types/react-dom": "^18.2.17",
-    "axios": "1.6.0",
+    "axios": "1.7.5",
     "react": "^18.2.0",
     "react-dom": "^18.2.0",
     "react-scripts": "5.0.1",

examples/cactus-example-discounted-asset-trade-client/package.json

@@ -61,7 +61,7 @@
     "@hyperledger/anoncreds-nodejs": "0.2.0",
     "@hyperledger/aries-askar-nodejs": "0.2.0",
     "@hyperledger/indy-vdr-nodejs": "0.2.0",
-    "axios": "1.6.0",
+    "axios": "1.7.5",
     "inquirer": "8.2.6",
     "loglevel": "1.8.1"
   },

examples/cactus-example-discounted-asset-trade/package.json

@@ -23,7 +23,7 @@
     "@hyperledger/cactus-plugin-ledger-connector-ethereum": "2.0.0-rc.3",
     "@hyperledger/cactus-plugin-ledger-connector-fabric": "2.0.0-rc.3",
     "@types/node": "18.11.9",
-    "axios": "1.7.2",
+    "axios": "1.7.5",
     "body-parser": "1.20.2",
     "cookie-parser": "1.4.6",
     "debug": "3.1.0",

examples/cactus-example-supply-chain-backend/package.json

@@ -66,7 +66,7 @@
     "@hyperledger/cactus-plugin-ledger-connector-xdai": "2.0.0-rc.3",
     "@hyperledger/cactus-test-tooling": "2.0.0-rc.3",
     "async-exit-hook": "2.0.1",
-    "axios": "1.6.0",
+    "axios": "1.7.5",
     "dotenv": "16.0.0",
     "express": "4.19.2",
     "express-jwt": "8.4.1",

examples/cactus-example-supply-chain-business-logic-plugin/package.json

@@ -65,7 +65,7 @@
     "@hyperledger/cactus-plugin-ledger-connector-fabric": "2.0.0-rc.3",
     "@hyperledger/cactus-plugin-ledger-connector-xdai": "2.0.0-rc.3",
     "async-exit-hook": "2.0.1",
-    "axios": "1.6.0",
+    "axios": "1.7.5",
     "express": "4.19.2",
     "openapi-types": "12.1.3",
     "run-time-error-cjs": "1.4.0",

extensions/cactus-plugin-htlc-coordinator-besu/package.json

@@ -65,7 +65,7 @@
     "@hyperledger/cactus-plugin-htlc-eth-besu-erc20": "2.0.0-rc.3",
     "@hyperledger/cactus-plugin-ledger-connector-besu": "2.0.0-rc.3",
     "@hyperledger/cactus-test-plugin-htlc-eth-besu-erc20": "2.0.0-rc.3",
-    "axios": "1.7.2",
+    "axios": "1.7.5",
     "body-parser": "1.20.2",
     "fast-safe-stringify": "2.1.1",
     "joi": "17.13.3",

extensions/cactus-plugin-object-store-ipfs/package.json

@@ -59,7 +59,7 @@
     "@hyperledger/cactus-common": "2.0.0-rc.3",
     "@hyperledger/cactus-core": "2.0.0-rc.3",
     "@hyperledger/cactus-core-api": "2.0.0-rc.3",
-    "axios": "1.6.0",
+    "axios": "1.7.5",
     "run-time-error-cjs": "1.4.0",
     "typescript-optional": "2.0.1",
     "uuid": "10.0.0"

jest.config.js

@@ -56,7 +56,6 @@ module.exports = {
     `./packages/cactus-plugin-keychain-vault/src/test/typescript/integration/cactus-keychain-vault-server.test.ts`,
     `./packages/cactus-plugin-keychain-vault/src/test/typescript/integration/plugin-keychain-vault.test.ts`,
     `./packages/cactus-plugin-keychain-vault/src/test/typescript/integration/openapi/openapi-validation.test.ts`,
-    `./packages/cactus-test-tooling/src/test/typescript/integration/postgres/postgres-test-container/constructor-validates-options.test.ts`,
     `./packages/cactus-test-tooling/src/test/typescript/integration/fabric/fabric-test-ledger-v1/constructor-validates-options.test.ts`,
     `./packages/cactus-test-tooling/src/test/typescript/integration/substrate/substrate-test-ledger-constructor.test.ts`,
     `./packages/cactus-test-tooling/src/test/typescript/integration/substrate/substrate-test-ledger-multiple-concurrent.test.ts`,

package.json

@@ -174,7 +174,7 @@
     "fast-safe-stringify": "2.1.1",
     "fs-extra": "11.2.0",
     "globby": "12.2.0",
-    "google-protobuf": "3.21.2",
+    "google-protobuf": "3.21.4",
     "grpc-tools": "1.12.4",
     "grpc_tools_node_protoc_ts": "5.3.3",
     "husky": "7.0.4",

packages/cacti-plugin-consortium-static/.gitignore

@@ -0,0 +1,2 @@
+cactus-openapi-spec-plugin-consortium-manual.json
+src/main/typescript/generated/openapi/typescript-axios/.npmignore

packages/cacti-plugin-consortium-static/README.md

@@ -0,0 +1,56 @@
+# `@hyperledger/cacti-plugin-consortium-static`
+
+## Cacti Consortium Static
+
+This plugin is an improvement of the package /cactus-plugin-consortium-manual ,bringing some new features to the table while conserving the possibility to be used as the old one (not allowing runtime changes)
+
+### Add Nodes to Consortium
+
+It is possible to add a new node to the consortium using the api of the plugin. 
+
+New nodes need to belong/be certified by one of the organizations that are part of the consortium. On creating the consortium, it is required to specify the public keys of the organizations that are part of the consortium. When a new node requests to join, the request carries a jwt token signed by the organization it is tied to, which serves as proof that the organization reccognises the new node identity.
+
+When a new node submits a request to join, the receiving node verifies the request and broadcasts it (or not, depending on the verification) to the remaining nodes in the consortium. There is no consensus or reliable broadcast implemented. All the other nodes submit the request to the same verification process. If, for some reason, there are disparities in the consortiumDatabases of each node, either it is due to a network issue (broadcast did not reach destination) or due to malfunction of some node.
+
+
+### Consortium Repository
+
+In addition to the default consortium repository (in cactus-core), the new repository includes data about the Node the repository belongs to:
+```typescript
+//data about self
+  private readonly node: CactusNode;
+  private readonly ledgers: Ledger[];
+  private readonly pluginInstances: PluginInstance[];
+  private readonly memberId: string;
+```
+It also includes the root PolicyGroup of the consortium (explained in next section), and the common configurations of the packages deployed by nodes within the consortium.
+
+We do not verify if the nodes actually apply these configurations and policies, the information so far is used just to check that nodes have knowledge of this settings. Compliance or not is at the responsibility of each node, and to be verified if necessary by other means.
+
+To verify new nodes have the same policies and package configs as the others already in the consortium, we deterministically build two merkle trees (one with each info), concat both roots, and each node verifies the result against their own policies and package common configs.
+
+As a result of this proccess, nodes with divergent policies and configs are not accepted in the consortium (we assume all nodes are correctly configured when the network is created).
+
+### Policy Model
+
+We introduce in this package a proposal of a general-purpose policy model based in work done by the IETF: Core Policy Framework [RFC3060](https://www.rfc-editor.org/rfc/rfc3060).
+
+The model (simplified version) can be viewed in the policy-model directory.
+
+As a brief description, we group PolicyRules in PolicyGroups. PolicyGroups contain PolicyRules and possibly other PolicyGroups. A PolicyRule is composed by a PolicyCondition (constraint to be verified prior to applying the policy) and a PolicyAction (action to be applied).
+
+Below a simplified UML with the relationships between the classes:
+
+![policy model uml](https://github.com/eduv09/images/blob/main/policy-model-uml.jpg)
+
+The consortium information needs to hold only the root policyGroup (others are reached going down in the hierarchy). Each PolicyGroup has a Role. Roles identify the scope of the policy, so a PolicyRule has a set of Roles (role of the group it belongs to, and groups higher in the hierarchy).
+
+The model is in an early stage, and serves only as a POC for now. The goal is to refine it, and possibly move it to cactus-core once if it is accepted by the community as a advantageous feature. It is possible to create consortium without any policy rule or group defined.
+
+
+
+## Notes
+
+Please reffer to package "@hyperledger/cactus-plugin-consortium-manual" as the documentation there applies to this one, namely information about the Prometheus Exporter.
+
+For usage, check the tests in the /integration folder

packages/cacti-plugin-consortium-static/openapitools.json

@@ -0,0 +1,7 @@
+{
+  "$schema": "node_modules/@openapitools/openapi-generator-cli/config.schema.json",
+  "spaces": 2,
+  "generator-cli": {
+    "version": "6.6.0"
+  }
+}